From: niekt0 Date: Mon, 20 Jun 2011 13:29:19 +0000 (+0200) Subject: getUserSubmission_children fix X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=ad7b5117657235e1fcb080389ab52a1b126736d0;p=mirrors%2FKyberia-bloodline.git getUserSubmission_children fix --- diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc index c85a43f..8b21936 100644 --- a/wwwroot/backend/mysql/backend.inc +++ b/wwwroot/backend/mysql/backend.inc @@ -276,9 +276,27 @@ node_parent='$node_handle' order by node_created $orderby LIMIT $offset,$limit"; public static function GetUserSubmissionsChildren($user_id,$limit=23,$offset=0,$orderby='') { global $db; - $q="select users.*,nodes.* from nodes -left join users on users.user_id=nodes.node_creator where -node_creator='$user_id' order by node_created $orderby LIMIT $offset,$limit"; + if (!is_numeric($user_id)) { + return -1; + } + if (!is_numeric($limit)) { + return -1; + } + if (!is_numeric($offset)) { + return -1; + } + + // XXX orderby mysql escape + + $q = "select n1.* from nodes as n1 join + (select node_id,node_creator from nodes where node_creator='$user_id') + as j2 on n1.node_parent=j2.node_id + join users as j3 on j3.user_id=n1.node_creator order by node_created + $orderby LIMIT $offset,$limit"; + +// $q="select users.*,nodes.* from nodes +// left join users on users.user_id=nodes.node_creator where +// node_creator='$user_id' order by node_created $orderby LIMIT $offset,$limit"; //$q="select * from nodes LIMIT 10,10"; #echo $q; $result=$db->query($q);